1. Field
Embodiments of the invention generally relate to techniques for managing encrypted files. More specifically, embodiments of the invention provide format-friendly encryption techniques where the format of a file being encrypted is selected as a format for an encrypted copy of that file.
2. Description of the Related Art
Protecting access to data is a well known issue in numerous contexts. For example, it is common for individuals to encrypt sensitive data using a variety of software encryption tools. Frequently, these tools are used to encrypt a file, e.g., a word-processor document, using a symmetric key generated form a password. So long as the user remembers the password, they can decrypt the document.
Similarly, it is common for an enterprise to encrypt sensitive data created by users and a variety of tools are available for this purpose. For example, in an enterprise setting, documents (and other files) are encrypted using keys associated with users authorized to access a given document (or file). In such a case, e.g., an administrator may specify that all documents in a given folder (or other shared storage location) should be encrypted. An administrator may also specify which users are authorized to access a given document (or folder) and create/distribute keys used to do so. In some cases, the encryption/decryption may generally be transparent to users within the enterprise. For example, a proxy, plug-in, driver, or software agent, may be used to encrypt and decrypt files accessed by a given application (e.g., a word processor, spreadsheet, email client, presentation software, etc.). Typically, encrypted files are stored using a format that is independent from that of the format of the unencrypted file. For example, a spreadsheet file, word processor document, etc., may be converted to a proprietary binary format (or simple text format) when encrypted using a software tool. In such a case, when accessed by an application that can read the original data format, the encrypted content is unintelligible.
More and more data is being shared outside of enterprise boundaries, e.g., a variety of online services for file sharing allow application files to be accessed in a distributed manner. In such a case, when a user shares an application file with a cloud-storage provider, a user accessing that document may end up accessing an encrypted file within no means to decrypt it and attempting to view the file using an application that does not understand the encrypted content. More generally, using encryption tools often creates friction in business processes within an enterprise, as once a user (or proxy acting on behalf of a user) encrypts data, it is no longer usable by the software that created and/or maintains that data. This produces unfriendly results for users who try to access the file later, either forgetting to decrypt it first or not having the software on hand to decrypt it. Furthermore, even if the end user understands encryption concepts and that a given application file has been encrypted, the end user might not be aware of what software to download or what steps are required to get a file into an unencrypted state. This can occur, e.g., when a user uploads a file transparently encrypted by a proxy agent to a shared cloud storage provider.